spec-product-prd
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary function is local file manipulation (reading and writing markdown files) within a specific project directory structure. It does not perform network requests or execute shell commands outside of standard workflow transitions.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it processes content from external files (
solution.md,raw.md) which could contain untrusted instructions. However, this is an inherent part of its documentation purpose. - Ingestion points: Reads content from
{FEATURE_DIR}/requirements/solution.md,{FEATURE_DIR}/requirements/raw.md, andproject/memory/glossary.md. - Boundary markers: The skill does not explicitly use boundary markers or XML tags to isolate the content of the input files during the PRD generation prompt.
- Capability inventory: The skill has permissions to write to the local filesystem (
prd.md) and chain to theusing-aisdlcskill. - Sanitization: No explicit sanitization or filtering of the input file content is implemented before it is processed by the AI.
Audit Metadata